[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chrooting a program not designed to be chrooted

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: chrooting a program not designed to be chrooted
From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
Date: Fri, 24 Jan 2003 09:11:08 +0100
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

On Thu, Jan 23, 2003 at 07:17:09PM -0000, Dom De Vitto wrote:
> Ted,
> If you go back to basics being root just to bind to <1024 is daft.
> 
> Just bind to a non-priv port, as a non-priv user in a chroot jail,
> then NAT traffic to the priv port to the unpriv one & vice versa.

no, bind to the port before you chroot & drop privs.

-- 
http://2suck.net/hhwl.html
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

References:
- Re: chrooting a program not designed to be chrooted
  - From: Dom De Vitto

Prev by Date: Re: chrooting a program not designed to be chrooted
Next by Date: Re: Controlling users and resources with OpenBSD isakmpd
Previous by thread: Re: chrooting a program not designed to be chrooted
Next by thread: Re: chrooting a program not designed to be chrooted
Index(es):
- Date
- Thread

Visit your host, monkey.org